CVE-2009-0184

Free Download Manager <3.0.844 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-0184. PoCs published by Metasploit, Carsten Eiram, including Metasploit module exploits/windows/fileformat/fdm_torrent.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Free Download Manager 3.0 Build 844 by crafting a malicious torrent file. It leverages SEH overwrites to achieve remote code execution when the victim opens the file.

Description

Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16634

This exploit targets a stack buffer overflow in Free Download Manager 3.0 Build 844 by crafting a malicious torrent file. It leverages SEH overwrites to achieve remote code execution when the victim opens the file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free Download Manager 3.0 Build 844
No auth needed
Prerequisites: Victim must open the malicious torrent file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Carsten Eiram · textlocalwindows
https://www.exploit-db.com/exploits/10009

This is a Metasploit module exploiting a stack buffer overflow in Free Download Manager 3.0 Build 844 via a maliciously crafted torrent file. It leverages SEH overwrite and alphanumeric shellcode to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free Download Manager 3.0 Build 844
No auth needed
Prerequisites: Victim must open the malicious torrent file in Free Download Manager
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/fdm_torrent.rb

This Metasploit module exploits a stack buffer overflow in Free Download Manager 3.0 Build 844 by crafting a malicious torrent file. The exploit leverages SEH overwrites and delivers a payload via a specially encoded torrent file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Free Download Manager 3.0 Build 844
No auth needed
Prerequisites: Victim must open the malicious torrent file in Free Download Manager
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33555
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33524
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500605/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0302
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2009-5/

Scores

EPSS 0.2792
EPSS Percentile 97.8%

Details

CWE
CWE-119
Status published
Products (2)
free_download_manager/free_download_manager 2.5
free_download_manager/free_download_manager 3.0
Published Feb 03, 2009
Tracked Since Feb 18, 2026